<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="theme-color" content="#222"><meta name="generator" content="Hexo 7.3.0">

  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next-haha.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next-haha.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next-haha.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">



<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/7.0.0/css/all.min.css" integrity="sha256-VHqXKFhhMxcpubYf9xiWdCiojEbY9NexQ4jh8AxbvcM=" crossorigin="anonymous">
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.1.1/animate.min.css" integrity="sha256-PR7ttpcvz8qrF57fur/yAx1qXMFJeJFiA6pSzWi0OIE=" crossorigin="anonymous">

<script class="next-config" data-name="main" type="application/json">{"hostname":"ming.theyan.gs","root":"/","images":"/images","scheme":"Pisces","darkmode":false,"version":"8.25.0","exturl":false,"sidebar":{"position":"left","width_expanded":320,"width_dual_column":240,"display":"post","padding":18,"offset":12},"hljswrap":true,"codeblock":{"theme":{"light":"default","dark":"stackoverflow-dark"},"prism":{"light":"prism","dark":"prism-dark"},"copy_button":{"enable":false,"style":null},"fold":{"enable":false,"height":500},"language":false},"bookmark":{"enable":true,"color":"#222","save":"auto"},"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"stickytabs":false,"motion":{"enable":true,"async":false,"duration":200,"transition":{"menu_item":"fadeInDown","post_block":"fadeIn","post_header":"fadeInDown","post_body":"fadeInDown","coll_header":"fadeInLeft","sidebar":"fadeInUp"}},"prism":false,"i18n":{"placeholder":"搜索...","empty":"没有找到任何搜索结果：${query}","hits_time":"找到 ${hits} 个搜索结果（用时 ${time} 毫秒）","hits":"找到 ${hits} 个搜索结果"},"path":"/search.xml","localsearch":{"enable":true,"top_n_per_article":1,"unescape":false,"preload":false,"trigger":"auto"}}</script><script src="/js/config.js" defer></script>

    <meta name="description" content="背景在 AWS 的一个 VPC 内部的一台 EC2 上搭了一个 OpenVPN 服务器，对，就是 从 Client VPN endpoint 迁移到 EC2 上的 OpenVPN 提到的这件事。然后我有台 PC 通过 OpenVPN 客户端软件连了过来。以下是基本信息。  NOTE: IP 地址都不是实际真实情况   EC2（A） 公网 IP：1.1.1.1（本地并没有，这个是防火墙或其他设备给做">
<meta property="og:type" content="article">
<meta property="og:title" content="Amazon Linux 2023：Bug 还是特性？">
<meta property="og:url" content="https://ming.theyan.gs/2023/05/Amazon%20Linux%202023%EF%BC%9ABug%20%E8%BF%98%E6%98%AF%E7%89%B9%E6%80%A7%EF%BC%9F/index.html">
<meta property="og:site_name" content="运维烂笔头">
<meta property="og:description" content="背景在 AWS 的一个 VPC 内部的一台 EC2 上搭了一个 OpenVPN 服务器，对，就是 从 Client VPN endpoint 迁移到 EC2 上的 OpenVPN 提到的这件事。然后我有台 PC 通过 OpenVPN 客户端软件连了过来。以下是基本信息。  NOTE: IP 地址都不是实际真实情况   EC2（A） 公网 IP：1.1.1.1（本地并没有，这个是防火墙或其他设备给做">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-05-18T10:32:25.000Z">
<meta property="article:modified_time" content="2023-05-19T12:32:47.000Z">
<meta property="article:author" content="老杨">
<meta property="article:tag" content="ip">
<meta property="article:tag" content="OpenVPN">
<meta property="article:tag" content="AWS">
<meta property="article:tag" content="AL2023">
<meta property="article:tag" content="Amazon Linux 2023">
<meta property="article:tag" content="EC2">
<meta property="article:tag" content="策略路由">
<meta property="article:tag" content="ping">
<meta property="article:tag" content="路由表">
<meta property="article:tag" content="rp_filter">
<meta name="twitter:card" content="summary">


<link rel="canonical" href="https://ming.theyan.gs/2023/05/Amazon%20Linux%202023%EF%BC%9ABug%20%E8%BF%98%E6%98%AF%E7%89%B9%E6%80%A7%EF%BC%9F/">


<script class="next-config" data-name="page" type="application/json">{"sidebar":"","isHome":false,"isPost":true,"lang":"zh-CN","comments":true,"permalink":"https://ming.theyan.gs/2023/05/Amazon%20Linux%202023%EF%BC%9ABug%20%E8%BF%98%E6%98%AF%E7%89%B9%E6%80%A7%EF%BC%9F/index.html","path":"2023/05/Amazon Linux 2023：Bug 还是特性？/index.html","title":"Amazon Linux 2023：Bug 还是特性？"}</script>

<script class="next-config" data-name="calendar" type="application/json">""</script>
<title>Amazon Linux 2023：Bug 还是特性？ | 运维烂笔头</title>
  
    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-106574959-2"></script>
  <script class="next-config" data-name="google_analytics" type="application/json">{"tracking_id":"UA-106574959-2","only_pageview":false,"measure_protocol_api_secret":null}</script>
  <script src="/js/third-party/analytics/google-analytics.js" defer></script>

  <script src="/js/third-party/analytics/baidu-analytics.js" defer></script>
  <script async src="https://hm.baidu.com/hm.js?fdef9ded31bdb8b2dab08eddebdd5fed"></script>







  
  <script src="https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js" integrity="sha256-XL2inqUJaslATFnHdJOi9GfQ60on8Wx1C2H8DYiN1xY=" crossorigin="anonymous" defer></script>
<script src="/js/utils.js" defer></script><script src="/js/motion.js" defer></script><script src="/js/sidebar.js" defer></script><script src="/js/next-boot.js" defer></script><script src="/js/bookmark.js" defer></script>

  <script src="https://cdnjs.cloudflare.com/ajax/libs/hexo-generator-searchdb/1.5.0/search.js" integrity="sha256-xFC6PJ82SL9b3WkGjFavNiA9gm5z6UBxWPiu4CYjptg=" crossorigin="anonymous" defer></script>
<script src="/js/third-party/search/local-search.js" defer></script>







  




<!-- google adsense -->
<script data-ad-client="ca-pub-1045025618858716" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

  <noscript>
    <link rel="stylesheet" href="/css/noscript.css">
  </noscript>
<link rel="alternate" href="/atom.xml" title="运维烂笔头" type="application/atom+xml">
</head>

<body itemscope itemtype="http://schema.org/WebPage" class="use-motion">
  <div class="headband"></div>

  <main class="main">
    <div class="column">
      <header class="header" itemscope itemtype="http://schema.org/WPHeader"><div class="site-brand-container">
  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏" role="button">
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
    </div>
  </div>

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <i class="logo-line"></i>
      <p class="site-title">运维烂笔头</p>
      <i class="logo-line"></i>
    </a>
      <p class="site-subtitle" itemprop="description">一个 SA 老兵的工作日志</p>
  </div>

  <div class="site-nav-right">
    <div class="toggle popup-trigger" aria-label="搜索" role="button">
        <i class="fa fa-search fa-fw fa-lg"></i>
    </div>
  </div>
</div>



<nav class="site-nav">
  <ul class="main-menu menu"><li class="menu-item menu-item-projects"><a href="/projects" rel="section"><i class="fa fa-code fa-fw"></i>projects</a></li><li class="menu-item menu-item-home"><a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a></li><li class="menu-item menu-item-about"><a href="/about/" rel="section"><i class="fa fa-user fa-fw"></i>关于</a></li><li class="menu-item menu-item-tags"><a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签</a></li><li class="menu-item menu-item-categories"><a href="/categories/" rel="section"><i class="fa fa-th fa-fw"></i>分类</a></li><li class="menu-item menu-item-archives"><a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档</a></li><li class="menu-item menu-item-sitemap"><a href="/sitemap.xml" rel="section"><i class="fa fa-sitemap fa-fw"></i>站点地图</a></li><li class="menu-item menu-item-commonweal"><a href="/404/" rel="section"><i class="fa fa-heartbeat fa-fw"></i>公益 404</a></li>
      <li class="menu-item menu-item-search">
        <a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索
        </a>
      </li>
  </ul>
</nav>



  <div class="search-pop-overlay">
    <div class="popup search-popup">
      <div class="search-header">
        <span class="search-icon">
          <i class="fa fa-search"></i>
        </span>
        <div class="search-input-container">
          <input autocomplete="off" autocapitalize="off" maxlength="80"
                placeholder="搜索..." spellcheck="false"
                type="search" class="search-input">
        </div>
        <span class="popup-btn-close" role="button">
          <i class="fa fa-times-circle"></i>
        </span>
      </div>
      <div class="search-result-container">
        <div class="search-result-icon">
          <i class="fa fa-spinner fa-pulse fa-5x"></i>
        </div>
      </div>
    </div>
  </div>

</header>
        
  
  <aside class="sidebar">

    <div class="sidebar-inner sidebar-nav-active sidebar-toc-active">
      <ul class="sidebar-nav">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <div class="sidebar-panel-container">
        <!--noindex-->
        <div class="post-toc-wrap sidebar-panel">
            <div class="post-toc animated"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#%E8%83%8C%E6%99%AF"><span class="nav-number">1.</span> <span class="nav-text">背景</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E9%97%AE%E9%A2%98%E6%8F%8F%E8%BF%B0"><span class="nav-number">2.</span> <span class="nav-text">问题描述</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E9%97%AE%E9%A2%98%E6%8E%92%E6%9F%A5"><span class="nav-number">3.</span> <span class="nav-text">问题排查</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%88%9D%E6%AD%A5%E6%8E%92%E6%9F%A5"><span class="nav-number">3.1.</span> <span class="nav-text">初步排查</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#ICMP-%E5%8C%85%E7%9A%84%E8%BF%BD%E8%B8%AA"><span class="nav-number">3.2.</span> <span class="nav-text">ICMP 包的追踪</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E4%B8%8D%E6%98%AF%E8%B7%AF%E7%94%B1%E7%9A%84%E9%97%AE%E9%A2%98%EF%BC%88%EF%BC%9F%EF%BC%89"><span class="nav-number">3.3.</span> <span class="nav-text">不是路由的问题（？）</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E7%BB%A7%E7%BB%AD%E6%A3%80%E6%B5%8B%E6%8E%92%E6%9F%A5"><span class="nav-number">3.4.</span> <span class="nav-text">继续检测排查</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E9%97%AE%E9%A2%98%E5%8E%9F%E5%9B%A0"><span class="nav-number">4.</span> <span class="nav-text">问题原因</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E9%97%AE%E9%A2%98%E9%AA%8C%E8%AF%81"><span class="nav-number">5.</span> <span class="nav-text">问题验证</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E7%BB%93%E8%AE%BA"><span class="nav-number">6.</span> <span class="nav-text">结论</span></a></li></ol></div>
        </div>
        <!--/noindex-->

        <div class="site-overview-wrap sidebar-panel">
          <div class="site-author animated" itemprop="author" itemscope itemtype="http://schema.org/Person">
  <p class="site-author-name" itemprop="name">老杨</p>
  <div class="site-description" itemprop="description">好记性比不过烂笔头</div>
</div>
<div class="site-state-wrap animated">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
        <a href="/archives/">
          <span class="site-state-item-count">114</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
      <div class="site-state-item site-state-categories">
          <a href="/categories/">
        <span class="site-state-item-count">8</span>
        <span class="site-state-item-name">分类</span></a>
      </div>
      <div class="site-state-item site-state-tags">
          <a href="/tags/">
        <span class="site-state-item-count">509</span>
        <span class="site-state-item-name">标签</span></a>
      </div>
  </nav>
</div>
  <div class="links-of-author animated">
      <span class="links-of-author-item">
        <a href="https://github.com/haw-haw" title="GitHub → https:&#x2F;&#x2F;github.com&#x2F;haw-haw" rel="noopener me" target="_blank"><i class="fab fa-github fa-fw"></i>GitHub</a>
      </span>
      <span class="links-of-author-item">
        <a href="mailto:blog@theyan.gs" title="E-Mail → mailto:blog@theyan.gs" rel="noopener me" target="_blank"><i class="fa fa-envelope fa-fw"></i>E-Mail</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://weibo.com/u/1494877243" title="Weibo → https:&#x2F;&#x2F;weibo.com&#x2F;u&#x2F;1494877243" rel="noopener me" target="_blank"><i class="fab fa-weibo fa-fw"></i>Weibo</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://twitter.com/6fool" title="Twitter → https:&#x2F;&#x2F;twitter.com&#x2F;6fool" rel="noopener me" target="_blank"><i class="fab fa-twitter fa-fw"></i>Twitter</a>
      </span>
  </div>

        </div>
      </div>
    </div>

    
    <div class="sidebar-inner sidebar-blogroll">
      <div class="links-of-blogroll animated">
        <div class="links-of-blogroll-title"><i class="fa fa-globe fa-fw"></i>
          链接
        </div>
        <ul class="links-of-blogroll-list">
            <li class="links-of-blogroll-item">
              <a href="https://bad-pencil.github.io/" title="https:&#x2F;&#x2F;bad-pencil.github.io" rel="noopener" target="_blank">github 镜像站</a>
            </li>
            <li class="links-of-blogroll-item">
              <a href="https://hawhaw.gitee.io/" title="https:&#x2F;&#x2F;hawhaw.gitee.io" rel="noopener" target="_blank">gitee 镜像站</a>
            </li>
        </ul>
      </div>
    </div>
  </aside>


    </div>

    <div class="main-inner post posts-expand">


  


<div class="post-block">
  
  

  <article itemscope itemtype="http://schema.org/Article" class="post-content" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://ming.theyan.gs/2023/05/Amazon%20Linux%202023%EF%BC%9ABug%20%E8%BF%98%E6%98%AF%E7%89%B9%E6%80%A7%EF%BC%9F/index.html">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/avatar.gif">
      <meta itemprop="name" content="老杨">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="运维烂笔头">
      <meta itemprop="description" content="好记性比不过烂笔头">
    </span>

    <span hidden itemprop="post" itemscope itemtype="http://schema.org/CreativeWork">
      <meta itemprop="name" content="Amazon Linux 2023：Bug 还是特性？ | 运维烂笔头">
      <meta itemprop="description" content="">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          Amazon Linux 2023：Bug 还是特性？
        </h1>

        <div class="post-meta-container">
          <div class="post-meta">
    <span class="post-meta-item">
      <span class="post-meta-item-icon">
        <i class="far fa-calendar"></i>
      </span>
      <span class="post-meta-item-text">发表于</span>

      <time title="创建时间：2023-05-18 18:32:25" itemprop="dateCreated datePublished" datetime="2023-05-18T18:32:25+08:00">2023-05-18</time>
    </span>
    <span class="post-meta-item">
      <span class="post-meta-item-icon">
        <i class="far fa-calendar-check"></i>
      </span>
      <span class="post-meta-item-text">更新于</span>
      <time title="修改时间：2023-05-19 20:32:47" itemprop="dateModified" datetime="2023-05-19T20:32:47+08:00">2023-05-19</time>
    </span>

  
</div>

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody"><h2 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h2><p>在 AWS 的一个 VPC 内部的一台 EC2 上搭了一个 OpenVPN 服务器，对，就是 <a href="/2023/02/%E4%BB%8E%20Client%20VPN%20endpoint%20%E8%BF%81%E7%A7%BB%E5%88%B0%20EC2%20%E4%B8%8A%E7%9A%84%20OpenVPN/index.html">从 Client VPN endpoint 迁移到 EC2 上的 OpenVPN</a> 提到的这件事。然后我有台 PC 通过 OpenVPN 客户端软件连了过来。以下是基本信息。</p>
<blockquote>
<p><strong><em>NOTE:</em></strong> IP 地址都不是实际真实情况</p>
</blockquote>
<ul>
<li>EC2（A）<ul>
<li>公网 IP：<code>1.1.1.1</code>（本地并没有，这个是防火墙或其他设备给做的一对一 map）</li>
<li>私网 IP：<code>10.0.0.2/24</code></li>
<li>私网网关：<code>10.0.0.1</code></li>
<li>私网网卡：enX0</li>
<li>tun 设备名：tun0</li>
<li>tun 设备 IP：<code>172.16.0.1/24</code></li>
</ul>
</li>
<li>PC（B）<ul>
<li>tun 设备名：tun0</li>
<li>tun 设备 IP：<code>172.16.0.2/24</code></li>
</ul>
</li>
</ul>
<span id="more"></span>

<h2 id="问题描述"><a href="#问题描述" class="headerlink" title="问题描述"></a>问题描述</h2><p>问题的核心是：B 无法 ping 通 A 的私网 IP。换句话说，当我在 B 上执行 <code>ping 10.0.0.2</code> 命令时，无法得到响应。俗话就是 ping 不通 10.0.0.2。</p>
<h2 id="问题排查"><a href="#问题排查" class="headerlink" title="问题排查"></a>问题排查</h2><h3 id="初步排查"><a href="#初步排查" class="headerlink" title="初步排查"></a>初步排查</h3><p>我对 AWS EC2 的网络问题进行了深入的排查，包括各种路由表、安全组、网络 ACL，甚至本地的防火墙配置等等。然而，我并没有找到问题的所在。我可以访问 VPC 内部的私网里的 RDS 资源，也可以在 A 上明显看到有接收到数据包。</p>
<h3 id="ICMP-包的追踪"><a href="#ICMP-包的追踪" class="headerlink" title="ICMP 包的追踪"></a>ICMP 包的追踪</h3><p>我继续深入，发现在 A 上可以接收到 B 发送的 icmp 包，而且 A 也确实有回包，但是奇怪的是，回包并没有通过 tun0 设备，而是直接从 enX0 设备发送出去！</p>
<h3 id="不是路由的问题（？）"><a href="#不是路由的问题（？）" class="headerlink" title="不是路由的问题（？）"></a>不是路由的问题（？）</h3><p>马上怀疑本地路由有问题，直接在 A 上执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ip r get 172.16.0.2</span><br></pre></td></tr></table></figure>

<p>发现没问题呀，是从设备 tun0 走的呀？这下就完全把我给整不会了。再此之后，我还做了好些努力，比如：</p>
<h3 id="继续检测排查"><a href="#继续检测排查" class="headerlink" title="继续检测排查"></a>继续检测排查</h3><ul>
<li>在 A 上 ping B 的 VPN 地址（tun0 设备上）：<ul>
<li><code>ping 172.16.0.2</code>，当然是通的</li>
<li><code>ping -I 10.0.0.2 172.16.0.2</code>，这种指定源 IP 的方式 ping，当然是不通的，同样问题，听包发现包没往 tun0 设备上走，而是往 enX0 上走了</li>
</ul>
</li>
<li>跟各种 AI 掰扯，也被告知过 n 多需要检查的地方，比如 kernel 参数 rp_filter 啥的，都对，但都没啥意义，都查过 n 多遍了。</li>
<li>还在微信朋友圈里发了这个问题，看看朋友圈的卧龙凤雏有没有啥好一点的建议方法。回复基本上都有道理，但没有一个能给我灵感的。</li>
</ul>
<h2 id="问题原因"><a href="#问题原因" class="headerlink" title="问题原因"></a>问题原因</h2><p>多番努力，虽然没有结果，但是慢慢还是明白了问题所在就是为什么从 10.0.0.2 出去按路由表应该往 tun0 上走的包却走到了 enX0 上？“这还是路由的问题“，我盖棺定论。</p>
<p>老想想不出为什么，于是就上网找了找 Linux 高级路由的资料看了看，突然想起来：Linux 系统里，路由选择上比路由表级别更高的还有一个：路由策略！柳暗花明呀。</p>
<p>我立马起来，登录上 EC2，</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ip rule s</span><br></pre></td></tr></table></figure>

<p>果然有一条记录：</p>
<blockquote>
<p>10000:  from 10.0.0.2 lookup 10000 proto static</p>
</blockquote>
<p>果然有货，再接着看这条 id 是 10000 的路由表里有什么：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ip r s table 10000</span><br></pre></td></tr></table></figure>

<p>系统显示：</p>
<blockquote>
<p>default via 10.0.0.1 dev enX0 proto dhcp metric 512<br>10.0.0.0&#x2F;24 dev enX0 proto static scope link</p>
</blockquote>
<p>这一下子逻辑就清晰了，源地址是 10.0.0.2、目标地址是 172.16.0.2 的数据包之所以会往 enX0 上走是因为路由策略 <code>10000:  from 10.0.0.2 lookup 10000 proto static</code>，这个策略规定了源地址是 10.0.0.2 的数据包怎么走要看路由表 10000，而在 10000 这张路由表又是这样的：</p>
<blockquote>
<p>default via 10.0.0.1 dev enX0 proto dhcp metric 512<br>10.0.0.0&#x2F;24 dev enX0 proto static scope link</p>
</blockquote>
<p>按照这个路由表，去往 172.16.0.2 的数据包不妥妥的要往 enX0 上发吗？</p>
<h2 id="问题验证"><a href="#问题验证" class="headerlink" title="问题验证"></a>问题验证</h2><p>最后，我还要做最后一个测试，以验证我的结论：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">sudo</span> ip r add 172.16.0.0/24 \</span><br><span class="line">    dev tun0 \</span><br><span class="line">    src 172.16.0.1 \</span><br><span class="line">    table 10000</span><br></pre></td></tr></table></figure>

<p>然后，那边在 B 上 <code>ping 10.0.0.2</code> 马上就通了。</p>
<p>最后的最后，我把刚加的这条路由删掉了，因为我还没想好要不要修以及怎么修这个问题。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">sudo</span> ip r del 172.16.0.0/24 table 10000</span><br></pre></td></tr></table></figure>

<h2 id="结论"><a href="#结论" class="headerlink" title="结论"></a>结论</h2><p>由于 Amazon Linux 2023 中在策略路由里将从 EC2 私网地址为源地址的数据包强制走了另外一张路由表，在那张表里源地址为 EC2 私网地址的数据包会走 enX0，而我的 OpenVPN 服务启动时只修改了缺省的路由表：main，故而导致从 OpenVPN 的客户端不能通 EC2 的私网地址。</p>
<p>所以，这到底是 Amazon Linux 2023 的 bug 呢，还是 OpenVPN 的 bug 呢？这个问题还需要进一步的探讨和研究。</p>

    </div>

    
    
    

    <footer class="post-footer">
          <div class="reward-container">
  <div>请我一杯咖啡吧！</div>
  <button>
    赞赏
  </button>
  <div class="post-reward">
      <div>
        <img src="/images/wechat-reward.png" alt="老杨 微信">
        <span>微信</span>
      </div>
      <div>
        <img src="/images/alipay-reward.png" alt="老杨 支付宝">
        <span>支付宝</span>
      </div>

  </div>
</div>

          <div class="followme">
  <span>欢迎关注我的其它发布渠道</span>

  <div class="social-list">

      <div class="social-item">
          <a target="_blank" class="social-link" href="https://twitter.com/6fool">
            <span class="icon">
              <i class="fab fa-twitter"></i>
            </span>

            <span class="label">Twitter</span>
          </a>
      </div>

      <div class="social-item">
          <a target="_blank" class="social-link" href="/atom.xml">
            <span class="icon">
              <i class="fa fa-rss"></i>
            </span>

            <span class="label">RSS</span>
          </a>
      </div>
  </div>
</div>

          <div class="post-tags">
              <a href="/tags/ip/" rel="tag"># ip</a>
              <a href="/tags/OpenVPN/" rel="tag"># OpenVPN</a>
              <a href="/tags/AWS/" rel="tag"># AWS</a>
              <a href="/tags/AL2023/" rel="tag"># AL2023</a>
              <a href="/tags/Amazon-Linux-2023/" rel="tag"># Amazon Linux 2023</a>
              <a href="/tags/EC2/" rel="tag"># EC2</a>
              <a href="/tags/%E7%AD%96%E7%95%A5%E8%B7%AF%E7%94%B1/" rel="tag"># 策略路由</a>
              <a href="/tags/ping/" rel="tag"># ping</a>
              <a href="/tags/%E8%B7%AF%E7%94%B1%E8%A1%A8/" rel="tag"># 路由表</a>
              <a href="/tags/rp-filter/" rel="tag"># rp_filter</a>
          </div>

        

          <div class="post-nav">
            <div class="post-nav-item">
                <a href="/2023/04/%E9%80%9A%E8%BF%87%20API%20%E6%8A%93%E5%8F%96%20linear.app%20%E7%9A%84%E4%BB%BB%E5%8A%A1%E7%94%9F%E6%88%90%E5%91%A8%E6%8A%A5/index.html" rel="prev" title="通过 API 抓取 linear.app 的任务生成周报">
                  <i class="fa fa-angle-left"></i> 通过 API 抓取 linear.app 的任务生成周报
                </a>
            </div>
            <div class="post-nav-item">
                <a href="/2023/06/%E5%88%A9%E7%94%A8%20AWS%20Session%20Manager%20%E8%AE%BF%E9%97%AE%20VPC%20%E5%86%85%E7%BD%91%E7%9A%84%E8%B5%84%E6%BA%90/index.html" rel="next" title="利用 AWS Session Manager 访问 VPC 内网的资源">
                  利用 AWS Session Manager 访问 VPC 内网的资源 <i class="fa fa-angle-right"></i>
                </a>
            </div>
          </div>
    </footer>
  </article>
</div>






</div>
  </main>

  <footer class="footer">
    <div class="footer-inner">

  <div class="copyright">
    &copy; 
    <span itemprop="copyrightYear">2025</span>
    <span class="with-love">
      <i class="fa fa-heart"></i>
    </span>
    <span class="author" itemprop="copyrightHolder">老杨</span>
  </div>
  <div class="powered-by">由 <a href="https://hexo.io/" rel="noopener" target="_blank">Hexo</a> & <a href="https://theme-next.js.org/pisces/" rel="noopener" target="_blank">NexT.Pisces</a> 强力驱动
  </div>

    </div>
  </footer>

  
  <div class="toggle sidebar-toggle" role="button">
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
  </div>
  <div class="sidebar-dimmer"></div>
  <div class="back-to-top" role="button" aria-label="返回顶部">
    <i class="fa fa-arrow-up fa-lg"></i>
    <span>0%</span>
  </div>
  <a role="button" class="book-mark-link book-mark-link-fixed"></a>

<noscript>
  <div class="noscript-warning">Theme NexT works best with JavaScript enabled</div>
</noscript>

</body>
</html>
